1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/*

800-53|CM-7b.

1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod

1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe

1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - /etc/modprobe.d/*

1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmod

1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobe

1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - /etc/modprobe.d/*

1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - lsmod

1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobe

1.1.1.4 Ensure mounting of hfs filesystems is disabled - /etc/modprobe.d/*

1.1.1.4 Ensure mounting of hfs filesystems is disabled - lsmod

1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobe

1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - /etc/modprobe.d/*

1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod

1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe

1.1.1.6 Ensure mounting of squashfs filesystems is disabled - /etc/modprobe.d/*

1.1.1.6 Ensure mounting of squashfs filesystems is disabled - lsmod

1.1.1.6 Ensure mounting of squashfs filesystems is disabled - modprobe

1.1.1.7 Ensure mounting of udf filesystems is disabled - /etc/modprobe.d/*

1.1.1.7 Ensure mounting of udf filesystems is disabled - lsmod

1.1.1.7 Ensure mounting of udf filesystems is disabled - modprobe

1.1.3 Ensure nodev option set on /tmp partition

800-53|AC-6(10)

1.1.4 Ensure nosuid option set on /tmp partition

800-53|AC-3

800-53|AC-5

800-53|AC-6

800-53|MP-2

CSCv7|13

1.1.5 Ensure noexec option set on /tmp partition

800-53|CM-11

CSCv7|2.6

1.1.8 Ensure nodev option set on /var/tmp partition

1.1.9 Ensure nosuid option set on /var/tmp partition

1.1.10 Ensure noexec option set on /var/tmp partition

1.1.14 Ensure nodev option set on /home partition

1.1.15 Ensure nodev option set on /dev/shm partition

1.1.16 Ensure nosuid option set on /dev/shm partition

1.1.17 Ensure noexec option set on /dev/shm partition

1.1.18 Ensure nodev option set on removable media partitions

1.1.19 Ensure nosuid option set on removable media partitions

1.1.20 Ensure noexec option set on removable media partitions

1.1.21 Ensure sticky bit is set on all world-writable directories

800-53|MP-7

CSCv7|8.4

CSCv7|8.5

1.2.1 Ensure package manager repositories are configured

800-53|RA-5

800-53|SI-2

800-53|SI-2(2)

CSCv7|3.4

CSCv7|3.5

800-53|AC-6(9)

800-53|AU-2

800-53|AU-12

CSCv7|14.9

1.3.2 Ensure filesystem integrity is regularly checked

1.4.1 Ensure permissions on bootloader config are configured

800-53|SI-7(9)

1.4.2 Ensure bootloader password is set - password_pbkdf2

800-53|SI-7(10)

1.4.2 Ensure bootloader password is set - superusers

1.4.3 Ensure authentication required for single user mode

1.5.1 Ensure core dumps are restricted - /etc/sysctl

800-53|CM-7

1.5.1 Ensure core dumps are restricted - fs.suid_dumpable

1.5.1 Ensure core dumps are restricted - hard core 0

800-53|SI-16

CSCv7|8.3

1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl

1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl

800-53|AU-3

1.7.1.1 Ensure message of the day is configured properly - banner text

800-53|AC-8

1.7.1.1 Ensure message of the day is configured properly - mrsv

800-53|CM-6b.

1.7.1.2 Ensure local login warning banner is configured properly - banner text

1.7.1.2 Ensure local login warning banner is configured properly - mrsv

1.7.1.3 Ensure remote login warning banner is configured properly - banner text

1.7.1.3 Ensure remote login warning banner is configured properly - mrsv

1.7.1.4 Ensure permissions on /etc/motd are configured

CSCv7|14.6

1.7.1.5 Ensure permissions on /etc/issue are configured

1.7.1.6 Ensure permissions on /etc/issue.net are configured

1.7.2 Ensure GDM login banner is configured - banner-message-enable

800-53|AC-8a.

1.7.2 Ensure GDM login banner is configured - banner-message-text

1.7.2 Ensure GDM login banner is configured - file-db

1.7.2 Ensure GDM login banner is configured - system-db

1.7.2 Ensure GDM login banner is configured - user-db

1.8 Ensure updates, patches, and additional security software are installed

2.1.1 Ensure chargen services are not enabled

800-53|CM-6

2.1.1 Ensure chargen services are not enabled - chargen-udp

2.1.2 Ensure daytime services are not enabled

2.1.2 Ensure daytime services are not enabled - daytime-udp

2.1.3 Ensure discard services are not enabled

2.1.3 Ensure discard services are not enabled - discard-udp

2.1.4 Ensure echo services are not enabled

2.1.4 Ensure echo services are not enabled - echo-udp

2.1.5 Ensure time services are not enabled

2.1.5 Ensure time services are not enabled - time-udp

2.1.6 Ensure rsh server is not enabled - rexec

2.1.6 Ensure rsh server is not enabled - rlogin

2.1.6 Ensure rsh server is not enabled - rsh

CSCv7|9.2

2.1.8 Ensure telnet server is not enabled

2.1.10 Ensure rsync service is not enabled

2.2.1.1 Ensure time synchronization is in use

800-53|AU-7

800-53|AU-8

CSCv7|6.1

2.2.1.2 Ensure ntp is configured - ntp:ntp

2.2.1.2 Ensure ntp is configured - restrict -4

2.2.1.2 Ensure ntp is configured - restrict -6

2.2.1.2 Ensure ntp is configured - server

2.2.2 Ensure X Window System is not installed

2.2.7 Ensure NFS and RPC are not enabled - nfs

2.2.7 Ensure NFS and RPC are not enabled - rpcbind

2.2.11 Ensure IMAP and POP3 server is not enabled

CIS SUSE Linux Enterprise Server 11 L1 v2.1.1

Audit Details

File Details

Audit Changelog

Revision 1.3

Functional Update

Revision 1.2

Miscellaneous

Revision 1.1

Functional Update

CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 Download File

Audit Details

File Details

Audit Changelog

Revision 1.3

Functional Update

Revision 1.2

Miscellaneous

Revision 1.1

Functional Update

CIS SUSE Linux Enterprise Server 11 L1 v2.1.1